Computer acting up, taskbar icons disappeared and desktop icons moved



#1
Mara1983

Hello all,

 

Yesterday my computer started acting weird and all of a sudden my taskbar icons all disappeared and my desktop icons all moved around. The computer seems slow ever since and I think I might have gotten a virus. Below are the logs - thanks in advance!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-05-2015
Ran by Marzena (administrator) on MARZENA-PC on 21-05-2015 18:36:47
Running from C:\Users\Marzena\Desktop
Loaded Profiles: Marzena (Available profiles: Marzena)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\NSUService.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-09-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [154136 2007-09-19] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [137752 2007-09-19] (Intel Corporation)
HKLM-x32\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [118784 2007-06-08] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-12-05] (RealNetworks, Inc.)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2007-08-14] (Sony Corporation)
HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\...\Run: [KSS] => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-03-05] (Siber Systems)
HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31090792 2015-01-23] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [AOLOverlayIcon] -> {AB0C8BE3-041C-47d6-8195-E089D32B38DD} => C:\DDI\overicon.dll [2007-10-05] (TODO: <Company name>)
BootExecute: autocheck autochk * SsiEfr.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {71FF0F51-013D-4E92-A992-5CAB809BDCF9} URL = http://search.aol.co...onType=sny_ie7;
SearchScopes: HKU\S-1-5-21-1233255463-3445828113-3813920422-1000 -> DefaultScope {46723C7C-7E2A-4FF2-A008-2130EDD8CE9F} URL = http://www.google.co...startPage}&rlz=
SearchScopes: HKU\S-1-5-21-1233255463-3445828113-3813920422-1000 -> {46723C7C-7E2A-4FF2-A008-2130EDD8CE9F} URL = http://www.google.co...startPage}&rlz=
SearchScopes: HKU\S-1-5-21-1233255463-3445828113-3813920422-1000 -> {71FF0F51-013D-4E92-A992-5CAB809BDCF9} URL = http://search.aol.co...onType=sny_ie7;
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-08-12] (RealDownloader)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2014-03-05] (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2014-03-05] (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-1233255463-3445828113-3813920422-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2014-03-05] (Siber Systems Inc.)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://photoservice...PSUploader4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices.
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232 2009-09-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-12-05] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-08-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-12-05] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2014-08-12] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1233255463-3445828113-3813920422-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Marzena\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-13] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-30]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-12]
FF HKLM\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-05]
FF HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Marzena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Marzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-05]
CHR Extension: (Google Drive) - C:\Users\Marzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-05]
CHR Extension: (YouTube) - C:\Users\Marzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-05]
CHR Extension: (Google Search) - C:\Users\Marzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-05]
CHR Extension: (Google Sheets) - C:\Users\Marzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-05]
CHR Extension: (Bookmark Manager) - C:\Users\Marzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\Marzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Gmail) - C:\Users\Marzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-05]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-05]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [630784 2008-03-25] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [204800 2007-09-20] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-14] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2818048 2007-09-23] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-08-09] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-08-09] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [499712 2007-08-09] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-08-09] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-08-09] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [292128 2007-09-29] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation) [File not signed]
R2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2007-08-28] (Sony Corporation) [File not signed]
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [131072 2007-08-28] (Sony Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 KSS; "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" -r [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [226784 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [191968 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [166880 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-05-04] (AVG Technologies CZ, s.r.o.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-10-18] (Malwarebytes Corporation)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-05] (Texas Instruments)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-21 18:36 - 2015-05-21 18:37 - 00023742 _____ () C:\Users\Marzena\Desktop\FRST.txt
2015-05-21 18:35 - 2015-05-21 18:36 - 00000000 ____D () C:\FRST
2015-05-21 18:34 - 2015-05-21 18:34 - 01147392 _____ (Farbar) C:\Users\Marzena\Downloads\FRST (1).exe
2015-05-21 18:34 - 2015-05-21 18:34 - 01147392 _____ (Farbar) C:\Users\Marzena\Desktop\FRST.exe
2015-05-20 22:02 - 2015-05-20 22:02 - 00000000 ____D () C:\Users\Marzena\AppData\Roaming\AVG2015
2015-05-20 21:59 - 2015-05-20 21:59 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-20 21:54 - 2015-05-20 22:00 - 00000000 ____D () C:\ProgramData\AVG2015
2015-05-20 21:51 - 2015-05-20 22:11 - 00000000 ____D () C:\Users\Marzena\AppData\Local\Avg2015
2015-05-20 21:51 - 2015-05-20 21:51 - 04818760 _____ (AVG Technologies) C:\Users\Marzena\Downloads\avg_free_stb_all_5863p1_177.exe
2015-05-18 20:31 - 2015-05-18 20:31 - 00000000 ____D () C:\Windows\system32\20-20 Technologies
2015-05-18 14:22 - 2015-05-18 14:22 - 02891995 _____ () C:\Users\Marzena\Downloads\Outlook.com (3).zip
2015-05-18 00:40 - 2015-05-18 00:40 - 00781040 _____ () C:\Users\Marzena\Downloads\Lost Gosling.zip
2015-05-14 13:49 - 2015-05-14 13:49 - 00029664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2015-05-13 02:51 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 02:46 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-13 02:46 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-13 02:46 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-13 02:46 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-13 02:46 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-13 02:46 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-13 02:46 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-13 02:46 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 02:46 - 2015-04-19 16:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 02:46 - 2015-04-19 00:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 02:45 - 2015-04-30 09:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 02:33 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 14:20 - 2015-04-10 11:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 14:20 - 2015-04-10 11:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 14:20 - 2015-04-10 11:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 14:20 - 2015-04-10 11:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 14:20 - 2015-04-10 11:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 14:20 - 2015-04-10 11:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 14:20 - 2015-04-10 11:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 14:20 - 2015-04-10 11:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-12 14:20 - 2015-04-10 11:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-12 14:20 - 2015-04-10 11:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-12 14:19 - 2015-04-10 11:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 14:19 - 2015-04-10 11:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 14:19 - 2015-04-10 11:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 14:19 - 2015-04-10 11:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 14:19 - 2015-04-10 11:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 14:19 - 2015-04-10 11:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 14:19 - 2015-04-10 11:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 14:19 - 2015-04-10 11:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 14:19 - 2015-04-10 11:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-12 14:19 - 2015-04-10 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 14:19 - 2015-04-10 11:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 14:19 - 2015-04-10 11:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-10 23:49 - 2015-05-10 23:49 - 02394976 _____ () C:\Users\Marzena\Downloads\New Form Entry Contact Form.zip
2015-05-07 13:52 - 2015-05-07 13:52 - 00290272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2015-05-07 13:52 - 2015-05-07 13:52 - 00191968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2015-05-07 13:52 - 2015-05-07 13:52 - 00166880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2015-05-04 14:15 - 2015-05-04 14:15 - 00213984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2015-04-27 13:19 - 2015-04-27 13:19 - 00226784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-04-22 14:22 - 2015-04-22 14:22 - 01713756 _____ () C:\Users\Marzena\Downloads\DG Boston.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-21 18:33 - 2006-11-02 08:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 18:33 - 2006-11-02 08:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 18:32 - 2012-11-23 13:51 - 01185786 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 18:27 - 2012-08-22 19:46 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-21 18:21 - 2015-01-13 15:11 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1233255463-3445828113-3813920422-1000.job
2015-05-21 18:21 - 2006-11-02 06:23 - 00000179 _____ () C:\Windows\win.ini
2015-05-21 17:53 - 2012-08-25 20:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 17:40 - 2014-05-18 12:27 - 00000000 ____D () C:\Users\Marzena\AppData\Roaming\Skype
2015-05-21 14:13 - 2010-10-17 12:06 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-21 14:07 - 2012-08-22 19:46 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-21 14:07 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-21 03:34 - 2006-11-02 09:01 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-20 22:02 - 2012-05-13 11:21 - 00000000 ___HD () C:\$AVG
2015-05-20 22:02 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-20 22:01 - 2013-11-26 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-20 21:54 - 2008-09-07 11:08 - 00000000 ____D () C:\Program Files\AVG
2015-05-20 21:47 - 2012-08-22 19:47 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-13 14:19 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-13 14:03 - 2006-11-02 08:47 - 03718096 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 13:55 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-13 13:55 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 02:51 - 2007-11-16 04:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 02:44 - 2013-08-14 03:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 02:35 - 2006-11-02 06:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-13 02:32 - 2010-06-03 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 02:31 - 2010-03-13 22:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-04-24 11:10 - 2006-11-02 06:33 - 00771970 _____ () C:\Windows\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2008-06-28 23:05 - 2015-02-04 03:13 - 0012800 _____ () C:\Users\Marzena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-11 19:08 - 2011-12-29 23:05 - 0003551 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\Marzena\CTX.DAT
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-21 14:27
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Ran by Marzena at 2015-05-21 18:38:17
Running from C:\Users\Marzena\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1233255463-3445828113-3813920422-500 - Administrator - Disabled)
Guest (S-1-5-21-1233255463-3445828113-3813920422-501 - Limited - Disabled)
Marzena (S-1-5-21-1233255463-3445828113-3813920422-1000 - Administrator - Enabled) => C:\Users\Marzena
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
AceBackup 3 (HKLM\...\{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}) (Version: 3.0.2 - AceBIT)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies)
AVG 2015 (Version: 15.0.4347 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 110.0.180.000 - Hewlett-Packard) Hidden
C4580 (Version: 110.0.218.000 - Hewlett-Packard) Hidden
C4580_Help (Version: 110.0.218.000 - Hewlett-Packard) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Citrix Online Launcher (HKLM\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
Click to Disc (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.0.00.09140 - Sony Corporation)
Click to Disc (Version: 1.0.00.09140 - Sony Corporation) Hidden
Click to Disc Editor (HKLM\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.0.00 - Sony Corporation)
Click to Disc Editor (Version: 1.0.00 - Sony Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 11.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
GearDrvs (Version: 1 - Symantec Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
GPBaseService (Version: 110.0.180.000 - Hewlett-Packard) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version:  - )
HP Imaging Device Functions 11.0 (HKLM\...\HP Imaging Device Functions) (Version: 11.0 - HP)
HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4 (HKLM\...\{BED1705F-7558-40f7-9F52-6C6FBD58EA2E}) (Version: 11.0 - HP)
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iTunes (HKLM\...\{A9B3F8D5-DF4F-462B-81B7-4B69EBEDBC5B}) (Version: 11.2.0.115 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LocationFree Player (HKLM\...\{D937DD80-3928-4617-876F-538A25AECB17}) (Version: 4.01.0000 - Sony Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network (Version: 110.0.180.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 11.0 (HKLM\...\HPOCR) (Version: 11.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenMG Limited Patch 4.7-07-15-19-01 (HKLM\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module (Version: 4.7.00.12140 - Sony Corporation) Hidden
OpenMG Secure Module 4.7.00 (HKLM\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
PanoStandAlone (Version: 110.0.180.000 - Hewlett-Packard) Hidden
PS_AIO_04_C4580_ProductContext (Version: 110.0.218.000 - Hewlett-Packard) Hidden
PS_AIO_04_C4580_Software (Version: 110.0.218.000 - Hewlett-Packard) Hidden
PS_AIO_04_C4580_Software_Min (Version: 110.0.218.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.03.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.4 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RoboForm 7-9-5-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-5-5 - Siber Systems)
Roxio Easy Media Creator Home (HKLM\...\{B7FB0C86-41A4-4402-9A33-912C462042A0}) (Version: 9.1.095 - Roxio)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (Version: 11.0.0.0 - Hewlett-Packard) Hidden
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 3.1.00.09240 - Sony Corporation)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.3.00 - Sony Corporation)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Toolbox (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VAIO Center Access Bar (HKLM\...\{C299F969-AE3D-4679-ADF5-682A186CE62E}) (Version: 1.00.1001 - Sony)
VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 1.0.01.09270 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}) (Version: 2.1.00.09284 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 2.1.00.09284 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (HKLM\...\{69351E9E-23ED-41D5-B146-EDBF83C63B66}) (Version: 2.1.00.09281 - Sony Corporation)
VAIO Content Metadata Manager Setting (Version: 2.1.00.09281 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM\...\{B5E2DF30-1061-4DB4-AF28-08996C8E5680}) (Version: 2.1.00.09202 - Sony Corporation)
VAIO Content Metadata XML Interface Library (Version: 2.1.00.09202 - Sony Corporation) Hidden
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 2.1.00.09190 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Center (HKLM\...\{E74F7423-77CB-4F6A-A44D-604E1010FE50}) (Version: 3.00.1005 - Sony)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.0.00.06280 - Sony Corporation)
VAIO Event Service (HKLM\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 3.3.00.09200 - Sony Corporation)
VAIO Help and Support (HKLM\...\{D47FE987-EA3D-424B-9886-B752501D7CE7}) (Version: 4.00.1016.NRVP - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 1.1.00.09190 - Sony Corporation)
VAIO Media (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media 6.0 (HKLM\...\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}) (Version: 6.0.10 - Sony Corporation)
VAIO Media AC3 Decoder 1.0 (HKLM\...\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}) (Version:  - )
VAIO Media Content Collection 6.0 (HKLM\...\{500162A0-4DD5-460A-BAFD-895AAE48C532}) (Version:  - Sony Corporation)
VAIO Media Integrated Server 6.2 (HKLM\...\{785EB1D4-ECEC-4195-99B4-73C47E187721}) (Version:  - Sony Corporation)
VAIO Media Redistribution 6.0 (HKLM\...\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}) (Version: 6.0.10 - Sony Corporation)
VAIO Media Registration Tool (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media Registration Tool 6.0 (HKLM\...\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}) (Version: 6.0.10 - Sony Corporation)
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.1.00.10160 - Sony Corporation)
VAIO Movie Story (Version: 1.1.00.10160 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.1.00.09281 - Sony Corporation)
VAIO MusicBox (HKLM\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 1.1.01.09240 - Sony Corporation)
VAIO OOBE and Welcome Center (HKLM\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 4.00.1015.US - Sony Corporation)
VAIO Original Function Setting (HKLM\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.2.00.11100 - Sony Corporation)
VAIO PC Wireless LAN Wizard (HKLM\...\{BCED773C-99EE-48DD-8915-25733F69F0A8}) (Version: 1.01.1015 - Sony)
VAIO Power Management (HKLM\...\{802889F8-6AF5-45A5-9764-CA5B999E50FC}) (Version: 2.3.00.10100 - Sony Corporation)
VAIO Productivity Center (HKLM\...\{BABC878D-BB64-4688-9A88-1D9E88F339A9}) (Version: 3.00.1015 - Sony)
VAIO Security Center (HKLM\...\{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}) (Version: 6.00.1015 - Sony Corporation)
VAIO Service Utility (HKLM\...\VAIO Service Utility) (Version: 1.2.0.0 - Sony)
VAIO Smart Network (HKLM\...\{3B659FAD-E772-44A3-B7E7-560FF084669F}) (Version: 1.2.00.09200 - Sony Corporation)
VAIO Startup Assistant (HKLM\...\{DFD0E9A9-F24A-492B-8975-8C938E32408F}) (Version: 1.00.1019 - Sony)
VAIO Survey (HKLM\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 5.00.7207 - Sony)
VAIO Update 3 (HKLM\...\{48820099-ED7D-424B-890C-9A82EF00656D}) (Version: 3.0.04.09200 - Sony Corporation)
VAIO Wallpaper Contents (HKLM\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.0.00.09200 - Sony Corporation)
VideoToolkit01 (Version: 110.0.171.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (Version: 110.0.180.000 - Hewlett-Packard) Hidden
WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B8.411 - InterVideo Inc.)
WinDVD for VAIO (Version: 8.0-B8.411 - InterVideo Inc.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1233255463-3445828113-3813920422-1000_Classes\CLSID\{16569F81-76A4-4339-8745-BE295A404D9B}\InprocServer32 -> C:\Users\Marzena\AppData\Local\Microsoft\Windows Sidebar\Gadgets\VideoSony.gadget\dll\AOLVideoGadgetHelper.dll (AOL)
CustomCLSID: HKU\S-1-5-21-1233255463-3445828113-3813920422-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1233255463-3445828113-3813920422-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Users\Marzena\AppData\Local\Temp\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1233255463-3445828113-3813920422-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Marzena\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points =========================
 
10-12-2014 20:26:23 Windows Update
17-12-2014 19:25:21 Scheduled Checkpoint
04-01-2015 06:19:20 Scheduled Checkpoint
15-01-2015 03:06:47 Windows Update
31-01-2015 16:59:05 Scheduled Checkpoint
03-02-2015 16:27:43 Scheduled Checkpoint
06-02-2015 12:38:23 Scheduled Checkpoint
07-02-2015 16:57:39 Scheduled Checkpoint
11-02-2015 04:00:56 Windows Update
12-02-2015 04:00:23 Windows Update
18-03-2015 03:00:57 Windows Update
20-03-2015 10:57:33 Scheduled Checkpoint
22-03-2015 13:31:06 Scheduled Checkpoint
29-03-2015 17:31:55 Scheduled Checkpoint
08-04-2015 19:28:04 Scheduled Checkpoint
10-04-2015 15:46:36 Scheduled Checkpoint
15-04-2015 03:01:13 Windows Update
26-04-2015 13:39:20 Scheduled Checkpoint
13-05-2015 02:26:12 Windows Update
20-05-2015 21:53:08 Installed AVG 2015
20-05-2015 21:55:19 Installed AVG 2015
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2013-01-19 20:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1BBFF235-96E3-4203-B152-E5B3069FC6EA} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
Task: {1D7CE238-E0F8-45AC-A507-CBA61809C9A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {20B3BB5F-7C9C-4DB0-8958-6CED20152810} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NICMJNDJCMKJBJ"
Task: {2EB59130-18A2-4FC5-8628-EA0CF8AB5F30} - System32\Tasks\G2MUpdateTask-S-1-5-21-1233255463-3445828113-3813920422-1000 => C:\Users\Marzena\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-12] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {43819CFE-ABB1-4A00-AD6E-089F82F8FD5A} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe [2007-09-20] (Sony Corporation)
Task: {46A62644-6379-4029-A30A-B5B0AC08E98C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1233255463-3445828113-3813920422-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {7FF6CBBA-0C3D-4BFC-A32E-B7905B171D34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {899ABE53-B0B0-4439-9C2D-73C16DEBA8DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {95C7C25A-7A34-47A1-9B45-3F63D33A633E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1233255463-3445828113-3813920422-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {9C1BD2A3-C122-4867-BA55-E00C6B658DE3} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-03-05] (Siber Systems)
Task: {9CCCDE05-562B-4F7A-B431-E1E887B71245} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {B6F7E416-6150-4BFA-9784-34243C783ECE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DEA31126-7F46-4DEC-BA00-87AE0B63F572} - System32\Tasks\VAIO Service Utility => C:\Program Files\Sony\VAIO Service Utility\VAIO-SU.exe [2007-09-26] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1233255463-3445828113-3813920422-1000.job => C:\Users\Marzena\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2007-10-30 23:28 - 2007-09-19 08:19 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-11-16 04:48 - 2007-09-20 13:23 - 00192512 _____ () C:\Program Files\Sony\Network Utility\Cg10u.dll
2007-06-05 17:20 - 2007-06-05 17:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2014-08-12 12:34 - 2014-08-12 12:34 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2007-10-31 14:15 - 2007-08-14 23:05 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
2007-10-31 14:15 - 2007-08-14 23:05 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll
2012-11-08 17:25 - 2012-11-08 17:25 - 00711112 ____N () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\Users\Marzena\Downloads\No Subject.eml:OECustomProperty
AlternateDataStreams: C:\Users\Marzena\Downloads\sexy polish girl,.pretty polish girl,..oh wait,...your german,..yuck!hahahahah.eml:OECustomProperty
AlternateDataStreams: C:\Users\Marzena\Downloads\WP_20140309_001_1.mp4:TOC.WMV
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 5179 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marzena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER Error getting ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{F8317929-2681-40EA-897C-7EF51BA6213D}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{0FA28B74-1E0D-4528-B81C-4B1AA2025BCA}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{AB719F27-5EA1-43E6-AC46-D75F291539DB}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{9130DE31-8E9B-4363-AAA6-6A5449EC7A3B}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{38F774B9-C7DC-4138-B3A7-F5B11A84A866}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{C79CB059-3416-43BF-A62F-FF35A88AE630}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{38425B6C-EBCF-4F1A-BC41-2190EF6E535F}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{C0FB682B-BD2B-49B3-B302-AEA8A6695B8C}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [TCP Query User{F3F2372A-4373-4661-8992-97226A176EEC}C:\users\marzena\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\marzena\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5F665B47-2415-4D1B-B2E9-DD491A248DB6}C:\users\marzena\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\marzena\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E72F654F-4581-4110-B118-AACC7E2087B9}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{44C3D899-CF93-4D5C-ABB3-81802CC27679}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{B0BF69E2-3ECF-43E2-BC76-0C4D287A8DDC}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{AEBE025B-A7F5-4BEE-B194-7CF87FDC5384}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{2E16F7E8-538E-456E-8173-6C38F28B1A9F}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{6BCEE2E6-C3F8-4C8F-8E45-F8CB0DD0B6DC}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{9FA7C062-3D24-446D-AF84-5446AAF01851}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{207E2F0D-387D-47C8-B4C7-BDCFDA5ADB54}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{3FCC91C5-9CB9-4748-BA0F-065578EA9839}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{86643738-0C74-40C1-88D4-3F5A5DCC0185}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{AA4E8E79-519B-42CD-8B80-693DC18F829F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CD14626F-7EB6-4EB1-95D0-6402E58B552D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{EAF7BF04-03CA-43A2-B80A-C9157BF4F19E}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{71D3A496-232F-43B1-AEB1-AA1E800AFB83}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{15FA9F93-3EB4-43AE-B507-025A68D36066}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{DB49577B-16D9-4856-BDFE-360BBAAD6BDE}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{0F7E8A91-CA2C-476B-8B61-D98D8A8A61DF}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{FD919CC2-B7F7-4F33-8005-114A3C09D257}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2CFF26E0-B555-4D0E-8B2A-0CD37660891F}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{3F5A15EB-BCEA-47C3-9331-559DA6BC7C65}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter #6
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft 6to4 Adapter #11
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft 6to4 Adapter #14
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft 6to4 Adapter #17
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft 6to4 Adapter #27
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft 6to4 Adapter #28
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft 6to4 Adapter #29
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft ISATAP Adapter #15
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft ISATAP Adapter #38
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/21/2015 03:19:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045
 
Error: (05/21/2015 03:19:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045
 
Error: (05/21/2015 03:19:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/21/2015 02:39:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7254
 
Error: (05/21/2015 02:39:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7254
 
Error: (05/21/2015 02:39:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/21/2015 02:39:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6255
 
Error: (05/21/2015 02:39:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6255
 
Error: (05/21/2015 02:39:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/21/2015 02:39:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5226
 
 
System errors:
=============
Error: (05/21/2015 02:10:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (05/21/2015 02:08:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Kaspersky Security Scan Service%%3
 
Error: (05/21/2015 02:08:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/21/2015 03:33:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
 
Error: (05/21/2015 02:00:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000VzCdbSvc
 
Error: (05/20/2015 10:08:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (05/20/2015 10:06:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Kaspersky Security Scan Service%%3
 
Error: (05/20/2015 10:06:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (05/20/2015 10:03:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
 
Error: (05/20/2015 09:59:56 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)
 
 
Microsoft Office:
=========================
Error: (11/15/2010 09:41:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3139 seconds with 540 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-21 18:37:57.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-21 18:37:57.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-21 18:37:56.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-21 18:37:56.414
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-21 18:37:55.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-21 18:37:55.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-21 18:37:54.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-21 18:37:54.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-21 18:37:04.579
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-21 18:37:04.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 76%
Total physical RAM: 2037.69 MB
Available physical RAM: 474.46 MB
Total Pagefile: 4318.62 MB
Available Pagefile: 2342.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.93 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:224.97 GB) (Free:104.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 1C3B98CE)
Partition 1: (Not Active) - (Size=7.9 GB) - (Type=27)
Partition 2: (Active) - (Size=225 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 



#2
Mara1983


    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts

:help:



#3
zep516


    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

I'll be with you shortly, need to look at log files.

#4
zep516


    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

A few items to fix, 2 more scans to run, and post the log files from them.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
C:\Users\Marzena\CTX.DAT
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {71FF0F51-013D-4E92-A992-5CAB809BDCF9} URL = http://search.aol.co...onType=sny_ie7;
SearchScopes: HKU\S-1-5-21-1233255463-3445828113-3813920422-1000 -> DefaultScope {46723C7C-7E2A-4FF2-A008-2130EDD8CE9F} URL = 
SearchScopes: HKU\S-1-5-21-1233255463-3445828113-3813920422-1000 -> {71FF0F51-013D-4E92-A992-5CAB809BDCF9} URL = http://search.aol.co...onType=sny_ie7;
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232 2009-09-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S2 KSS; "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" -r [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\Users\Marzena\Downloads\No Subject.eml:OECustomProperty
AlternateDataStreams: C:\Users\Marzena\Downloads\sexy polish girl,.pretty polish girl,..oh wait,...your german,..yuck!hahahahah.eml:OECustomProperty
AlternateDataStreams: C:\Users\Marzena\Downloads\WP_20140309_001_1.mp4:TOC.WMV
FirewallRules: [{F8317929-2681-40EA-897C-7EF51BA6213D}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{0FA28B74-1E0D-4528-B81C-4B1AA2025BCA}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{AB719F27-5EA1-43E6-AC46-D75F291539DB}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{9130DE31-8E9B-4363-AAA6-6A5449EC7A3B}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{38F774B9-C7DC-4138-B3A7-F5B11A84A866}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{C79CB059-3416-43BF-A62F-FF35A88AE630}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{38425B6C-EBCF-4F1A-BC41-2190EF6E535F}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{C0FB682B-BD2B-49B3-B302-AEA8A6695B8C}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe   
FirewallRules: [{E72F654F-4581-4110-B118-AACC7E2087B9}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{44C3D899-CF93-4D5C-ABB3-81802CC27679}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{B0BF69E2-3ECF-43E2-BC76-0C4D287A8DDC}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{AEBE025B-A7F5-4BEE-B194-7CF87FDC5384}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{2E16F7E8-538E-456E-8173-6C38F28B1A9F}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{6BCEE2E6-C3F8-4C8F-8E45-F8CB0DD0B6DC}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{9FA7C062-3D24-446D-AF84-5446AAF01851}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{207E2F0D-387D-47C8-B4C7-BDCFDA5ADB54}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus).
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply, post:
  • Fixlog.txt, that will be found on your desktop when scan is finished.
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe :)

#5
Mara1983


    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts

Thanks Joe!! Here are the logs:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Ran by Marzena at 2015-05-23 14:20:25 Run:1
Running from C:\Users\Marzena\Desktop
Loaded Profiles: Marzena (Available profiles: Marzena)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
C:\Users\Marzena\CTX.DAT
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {71FF0F51-013D-4E92-A992-5CAB809BDCF9} URL = http://search.aol.co...onType=sny_ie7;
SearchScopes: HKU\S-1-5-21-1233255463-3445828113-3813920422-1000 -> DefaultScope {46723C7C-7E2A-4FF2-A008-2130EDD8CE9F} URL = 
SearchScopes: HKU\S-1-5-21-1233255463-3445828113-3813920422-1000 -> {71FF0F51-013D-4E92-A992-5CAB809BDCF9} URL = http://search.aol.co...onType=sny_ie7;
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232 2009-09-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S2 KSS; "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" -r [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\Users\Marzena\Downloads\No Subject.eml:OECustomProperty
AlternateDataStreams: C:\Users\Marzena\Downloads\sexy polish girl,.pretty polish girl,..oh wait,...your german,..yuck!hahahahah.eml:OECustomProperty
AlternateDataStreams: C:\Users\Marzena\Downloads\WP_20140309_001_1.mp4:TOC.WMV
FirewallRules: [{F8317929-2681-40EA-897C-7EF51BA6213D}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{0FA28B74-1E0D-4528-B81C-4B1AA2025BCA}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{AB719F27-5EA1-43E6-AC46-D75F291539DB}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{9130DE31-8E9B-4363-AAA6-6A5449EC7A3B}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{38F774B9-C7DC-4138-B3A7-F5B11A84A866}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{C79CB059-3416-43BF-A62F-FF35A88AE630}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{38425B6C-EBCF-4F1A-BC41-2190EF6E535F}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{C0FB682B-BD2B-49B3-B302-AEA8A6695B8C}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe   
FirewallRules: [{E72F654F-4581-4110-B118-AACC7E2087B9}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{44C3D899-CF93-4D5C-ABB3-81802CC27679}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{B0BF69E2-3ECF-43E2-BC76-0C4D287A8DDC}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{AEBE025B-A7F5-4BEE-B194-7CF87FDC5384}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{2E16F7E8-538E-456E-8173-6C38F28B1A9F}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{6BCEE2E6-C3F8-4C8F-8E45-F8CB0DD0B6DC}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{9FA7C062-3D24-446D-AF84-5446AAF01851}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{207E2F0D-387D-47C8-B4C7-BDCFDA5ADB54}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\Users\Marzena\CTX.DAT => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key Deleted successfully.
"HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key Deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71FF0F51-013D-4E92-A992-5CAB809BDCF9}" => Key Deleted successfully.
HKCR\CLSID\{71FF0F51-013D-4E92-A992-5CAB809BDCF9} => Key not found. 
HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
"HKU\S-1-5-21-1233255463-3445828113-3813920422-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71FF0F51-013D-4E92-A992-5CAB809BDCF9}" => Key Deleted successfully.
HKCR\CLSID\{71FF0F51-013D-4E92-A992-5CAB809BDCF9} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key Deleted successfully.
"HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key Deleted successfully.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key Deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key Deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
KSS => Service Deleted successfully.
blbdrive => Service Deleted successfully.
IpInIp => Service Deleted successfully.
NwlnkFlt => Service Deleted successfully.
NwlnkFwd => Service Deleted successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\Users\Marzena\Downloads\No Subject.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Marzena\Downloads\sexy polish girl,.pretty polish girl,..oh wait,...your german,..yuck!hahahahah.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Marzena\Downloads\WP_20140309_001_1.mp4 => ":TOC.WMV" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8317929-2681-40EA-897C-7EF51BA6213D} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0FA28B74-1E0D-4528-B81C-4B1AA2025BCA} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB719F27-5EA1-43E6-AC46-D75F291539DB} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9130DE31-8E9B-4363-AAA6-6A5449EC7A3B} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38F774B9-C7DC-4138-B3A7-F5B11A84A866} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C79CB059-3416-43BF-A62F-FF35A88AE630} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38425B6C-EBCF-4F1A-BC41-2190EF6E535F} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0FB682B-BD2B-49B3-B302-AEA8A6695B8C} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E72F654F-4581-4110-B118-AACC7E2087B9} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{44C3D899-CF93-4D5C-ABB3-81802CC27679} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B0BF69E2-3ECF-43E2-BC76-0C4D287A8DDC} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AEBE025B-A7F5-4BEE-B194-7CF87FDC5384} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E16F7E8-538E-456E-8173-6C38F28B1A9F} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6BCEE2E6-C3F8-4C8F-8E45-F8CB0DD0B6DC} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FA7C062-3D24-446D-AF84-5446AAF01851} => value Deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{207E2F0D-387D-47C8-B4C7-BDCFDA5ADB54} => value Deleted successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Echo Request, OK!
A reboot is required to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 341.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:26:51 ====
 
# AdwCleaner v4.205 - Logfile created 23/05/2015 at 14:53:06
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Marzena - MARZENA-PC
# Running from : C:\Users\Marzena\Desktop\adwcleaner_4.205.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater13.2.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\AVG\AVG10\Toolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Marzena\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Marzena\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Marzena\AppData\Roaming\HPAppData
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : HKU\.DEFAULT\Software\IGearSettings
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16644
 
 
-\\ Google Chrome v43.0.2357.65
 
[C:\Users\Marzena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Marzena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3003 bytes] - [23/05/2015 14:47:37]
AdwCleaner[S0].txt - [2988 bytes] - [23/05/2015 14:53:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3047  bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.8 (05.23.2015:2)
OS: Windows Vista ™ Home Premium x86
Ran by Marzena on Sat 05/23/2015 at 17:42:34.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\prefetch\TOOLBARUPDATER.EXE-75C07675.pf
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Dumping contents of C:\Users\Marzena\appdata\local\Google\Chrome\User Data\Default\Default
 
Successfully deleted: [Folder] C:\Users\Marzena\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
Successfully deleted: [Folder] C:\Users\Marzena\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/23/2015 at 17:45:44.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6
zep516


    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

Next, a Malwarebytes scan. If you already have Malwarebytes, skip the download part of my instructions.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

  • 0

#7
Mara1983

Mara1983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/23/2015
Scan Time: 7:27:55 PM
Logfile: MWB scan.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.23.04
Rootkit Database: v2015.05.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Marzena
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351049
Time Elapsed: 32 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts

Next

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


How is the computer now?
  • 0

#9
Mara1983

Mara1983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Results of screen317's Security Check version 1.002  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 8 Update 45  
 Adobe Reader XI  
 Google Chrome (42.0.2311.152) 
 Google Chrome (43.0.2357.65) 
 Google Chrome (plugins...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 14 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
Computer actually seems better now - how are the scan results looking to you?
 
Thanks!

  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Scan results look ok so far. You need to defrag the hard drive. Do you need instructions for that?

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Post the ESET scan results.
  • 0



#11
Mara1983

Mara1983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts

ESETSmartInstaller@High as downloader log:

all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b06a7016b39b624f876151c0e0b9220b
# engine=24002
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-24 11:33:51
# local_time=2015-05-24 07:33:51 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 0 118701214 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 163494642 269117958 0 0
# scanned=9383
# found=0
# cleaned=0
# scan_time=1802
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b06a7016b39b624f876151c0e0b9220b
# engine=24002
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-25 02:30:48
# local_time=2015-05-24 10:30:48 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 0 118711832 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 163501660 269128576 0 0
# scanned=217738
# found=0
# cleaned=0
# scan_time=10409

  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Looks good,

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • 0

#13
Mara1983

Mara1983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Results of screen317's Security Check version 1.002  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 8 Update 45  
 Adobe Reader XI  
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
 Google Chrome (plugins...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 14 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

Sorry about that, we did that scan already; the only thing it shows is you need to "Defrag" your hard drive...

To do that
To defragment your hard disk
Open Disk Defragmenter by clicking the Start button. In the search box, type Disk Defragmenter, and then, in the list of results, click Disk Defragmenter. Then defrag the "C" drive. It may take a while; you can still use the computer while it's running.

Let me know how things are after you do that.
  • 0

#15
Mara1983

Mara1983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts

I started the defragmentation this morning before work and just got home, it is still running, some 10 hrs later - is that normal?


  • 0





